CVE Database

9309+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2023-52215
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UkrSolution Simple Inventory Management – just scan barcode to manage products …

Jan 8, 2024
CVE-2024-21650
10.0 CRITICAL

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution …

Jan 8, 2024
CVE-2023-47211
9.1 CRITICAL

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An …

Jan 8, 2024
CVE-2024-0322
9.1 CRITICAL

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

Jan 8, 2024
CVE-2024-0321
9.8 CRITICAL

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.

Jan 8, 2024
CVE-2023-6921
9.8 CRITICAL

Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one …

Jan 8, 2024
CVE-2024-22216
10.0 CRITICAL

In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can …

Jan 8, 2024
CVE-2023-46953
9.8 CRITICAL

SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module.

Jan 6, 2024
CVE-2022-46839
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS …

Jan 5, 2024
CVE-2023-50027
9.8 CRITICAL

SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via …

Jan 5, 2024
CVE-2020-13880
9.8 CRITICAL

IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write.

Jan 5, 2024
CVE-2020-13879
9.8 CRITICAL

IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write.

Jan 5, 2024
CVE-2020-13878
9.8 CRITICAL

IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write.

Jan 5, 2024
CVE-2023-51277
9.8 CRITICAL

nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds.

Jan 5, 2024
CVE-2024-22088
9.8 CRITICAL

Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled.

Jan 5, 2024
CVE-2024-22087
9.8 CRITICAL

route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code …

Jan 5, 2024
CVE-2024-22086
9.8 CRITICAL

handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution.

Jan 5, 2024
CVE-2024-22051
9.8 CRITICAL

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap …

Jan 4, 2024
CVE-2023-51812
9.8 CRITICAL

Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList.

Jan 4, 2024
CVE-2023-51154
9.8 CRITICAL

Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php.

Jan 4, 2024
CVE-2023-50867
9.8 CRITICAL

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and …

Jan 4, 2024
CVE-2023-50866
9.8 CRITICAL

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and …

Jan 4, 2024
CVE-2023-50865
9.8 CRITICAL

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and …

Jan 4, 2024
CVE-2023-50864
9.8 CRITICAL

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and …

Jan 4, 2024
CVE-2023-50863
9.8 CRITICAL

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and …

Jan 4, 2024
CVE-2023-50862
9.8 CRITICAL

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and …

Jan 4, 2024
CVE-2023-50753
9.8 CRITICAL

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters …

Jan 4, 2024
CVE-2023-50752
9.8 CRITICAL

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters …

Jan 4, 2024
CVE-2023-50743
9.8 CRITICAL

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters …

Jan 4, 2024
CVE-2023-49666
9.8 CRITICAL

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and …

Jan 4, 2024
CVE-2023-49665
9.8 CRITICAL

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and …

Jan 4, 2024
CVE-2023-49658
9.8 CRITICAL

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received and …

Jan 4, 2024
CVE-2023-49639
9.8 CRITICAL

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customer_details' parameter of the buyer_invoice_submit.php resource does not validate the characters received and …

Jan 4, 2024
CVE-2023-49633
9.8 CRITICAL

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyer_address' parameter of the buyer_detail_submit.php resource does not validate the characters received and …

Jan 4, 2024
CVE-2023-49625
9.8 CRITICAL

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partylist_edit_submit.php resource does not validate the characters received and …

Jan 4, 2024
CVE-2023-49624
9.8 CRITICAL

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the material_bill.php resource does not validate the characters received and …

Jan 4, 2024
CVE-2023-49622
9.8 CRITICAL

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'itemnameid' parameter of the material_bill.php?action=itemRelation resource does not validate the characters received and …

Jan 4, 2024
CVE-2023-49442
9.8 CRITICAL

Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request.

Jan 3, 2024
CVE-2023-50090
9.8 CRITICAL

Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted …

Jan 3, 2024
CVE-2023-50253
9.6 CRITICAL

Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without …

Jan 3, 2024
CVE-2023-39655
9.6 CRITICAL

A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password …

Jan 3, 2024
CVE-2023-51784
9.8 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote …

Jan 3, 2024
CVE-2023-52314
9.6 CRITICAL

PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.

Jan 3, 2024
CVE-2023-52311
9.6 CRITICAL

PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.

Jan 3, 2024
CVE-2023-52310
9.6 CRITICAL

PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system.

Jan 3, 2024
CVE-2023-50921
9.8 CRITICAL

An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects …

Jan 3, 2024
CVE-2023-46308
9.8 CRITICAL

In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty.

Jan 3, 2024
CVE-2023-48418
10.0 CRITICAL

In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to …

Jan 2, 2024
CVE-2023-6339
10.0 CRITICAL

Google Nest WiFi Pro root code-execution & user-data compromise

Jan 2, 2024
CVE-2024-21623
9.8 CRITICAL

OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "`Analysis - SonarCloud`" workflow is vulnerable to an expression injection in …

Jan 2, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.